I have an ASA 5506 running in my lab and I wanted to establish the basic configuration for it first before I jump into the TrustSec configuration. This post isn't much of a deep dive; it's more informational, in the event someone is building a lab similar to mine.

Jumping into it, I'm going to start with the basic interface, IP, domain name and NAT configuration:

Give the connection profile a name and set it up for the outside interface:

On the next page, choose the SSL checkbox only and no device certificate:

On the next screen, you will need to add a client image, which you can download from the Cisco support page. Click the appropriate package to upload and click next.

On the next page, click next for now:

On the next page, pick an address pool that won't mess with the existing deployment or DHCP. In this lab, I have my switch using 10.1.100.100-200 so I'm going to use 10.1.100.201-250 to assign to VPN clients:

Fill in the necessary information and click next:

Check the box for NAT exception and click next:

Click next and finish.

Navigate to Configuration > Remote Access VPN > Network (Client) Access > Group Policies and open the group policy you just created. Under the Edit Internal Group Policy window, expand Advanced and highlight Split Tunnel. Uncheck the box next to the policy and choose Tunnel Network List Below. Uncheck the box next to Network List and then click Manage.

You'll need to create an ACL with all the internal subnets permitted. After doing so, click OK and make sure that ACL is chosen in your Network List:

Click OK and apply the configuration.
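
For reference, here is roughly what the wizard and split-tunnel steps above look like as ASA CLI configuration. This is an added example, not output from the original lab. The names LAB-VPN, VPN-POOL, SPLIT-TUNNEL and NETWORK_OBJ_VPN-POOL, the `inside` interface name, the /24 masks and the package filename placeholder are all assumptions.

```cisco
! Added example: constructed names, not taken from the original lab.
! Address pool for VPN clients, kept outside the switch's DHCP range
! (10.1.100.100-200). The /24 mask is an assumption.
ip local pool VPN-POOL 10.1.100.201-10.1.100.250 mask 255.255.255.0
!
! Split-tunnel ACL: list only the internal subnets that should be tunneled.
! Assumes the lab's internal network is 10.1.100.0/24.
access-list SPLIT-TUNNEL standard permit 10.1.100.0 255.255.255.0
!
! Enable AnyConnect (SSL only) on the outside interface.
! Replace the placeholder with the package uploaded in the wizard.
webvpn
 enable outside
 anyconnect image disk0:/<anyconnect-package>.pkg 1
 anyconnect enable
 tunnel-group-list enable
!
! Group policy: SSL client only, tunnel only the networks in the ACL.
group-policy GroupPolicy_LAB-VPN internal
group-policy GroupPolicy_LAB-VPN attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
!
! Connection profile bound to the pool and the group policy.
tunnel-group LAB-VPN type remote-access
tunnel-group LAB-VPN general-attributes
 address-pool VPN-POOL
 default-group-policy GroupPolicy_LAB-VPN
tunnel-group LAB-VPN webvpn-attributes
 group-alias LAB-VPN enable
!
! NAT exemption so traffic to the VPN pool is not translated.
! Assumes the internal interface is named "inside".
object network NETWORK_OBJ_VPN-POOL
 range 10.1.100.201 10.1.100.250
nat (inside,outside) source static any any destination static NETWORK_OBJ_VPN-POOL NETWORK_OBJ_VPN-POOL no-proxy-arp route-lookup
```

Keeping the split-tunnel ACL limited to the internal subnets means only that traffic is sent through the ASA. After a client connects, `show vpn-sessiondb anyconnect` shows the session and the pool address it was assigned.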

Open up AnyConnect and connect to the outside interface. You should be able to access it now.